<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');


class Login extends CI_Controller {

	function __construct()
	{
		parent::__construct();

	}
	public	function Error($msg) {
		echo("
   				<Script>
   				window.alert(\"$msg\")
   				history.go(-1)
   				</Script>"); 
		exit;

	}

	public function login_fail($msg){
		$expiration = time()-60; // 1分钟限制
		$sql = "SELECT *  FROM login_fail WHERE ip = ? ";
		$binds = array($this->input->ip_address());
		$result = $this->db->query($sql, $binds)->result();
		if(count($result)>0){
			for ($i=0;$i<count($result);$i++){
				$times[]=$result[$i]->time;
			}
			$maxtime=max($times);
			if((now()-$maxtime) >=60){
				$this->db->query("DELETE FROM login_fail WHERE ip  = '".$this->input->ip_address()."'");
			}else{
				if(count($result)>=5){
					$this->Error('连续错误5次，请1分钟后重试！');
				}
			}
			//var_dump($maxtime)  ;
		}

		$login_fail_data = array(
    	'ip' => $this->input->ip_address(),
   		 'time' => now(),
		'info'=>$msg
		);
		$query = $this->db->insert_string('login_fail', $login_fail_data);
		$this->db->query($query);



	}
	public function index()
	{
		echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
		$this->load->helper('url');
		$this->load->helper('date');
		$this->load->model('user_m');
		$this->load->model('event_log_m');

		$expiration = time()-7200; // 2小时限制
		$this->db->query("DELETE FROM captcha WHERE captcha_time < ".$expiration);

		// 然后再看是否有验证码存在:
		$sql = "SELECT COUNT(*) AS count FROM captcha WHERE word = ? AND ip_address = ? AND captcha_time > ?";
		$binds = array($_POST['captcha'], $this->input->ip_address(), $expiration);
		$query = $this->db->query($sql, $binds);
		$row = $query->row();

		if ($row->count == 0)
		{
			$this->login_fail('验证码错误！');
			$this->Error('验证码错误！');
		}

		$result=$this->user_m->user_SelectByUserName($_POST['username']);

		//var_dump($result[0]);
		if($result!=null){
			if($result[0]->activation==0){
				echo("
   				<Script>
   				window.alert(\" 未激活的用户！\")
   				</Script>");
				redirect('act','refresh');
			}
			if(md5($_POST['password'])==($result[0]->password)){
				$event=array(
					'username'=>$result[0]->username,
					'event'=>'login',
					'time'=>unix_to_human(now(), TRUE,'PRC')				
				);
				$this->event_log_m->user_insert($event);
				$logininfo=array(
					'username'=>$result[0]->username,
					'password'=>$_POST['password']
				);
				$this->db->query("DELETE FROM login_fail WHERE ip  = '".$this->input->ip_address()."'");
				$this->session->set_userdata($logininfo);
				echo("
   				<Script>
   				window.alert(\"登录成功！\")
   				</Script>"); 

				redirect('show','refresh');
			}else{
				$this->login_fail('错误的密码！');
				echo("
   				<Script>
   				window.alert(\"错误的密码！\")
   				</Script>");
				redirect('index','refresh');
			}}else{
				$this->login_fail('错误的用户名！');
				echo("
   				<Script>
   				window.alert(\"错误的用户名！\")
   				</Script>");
				redirect('index','refresh');
			}

	}

}
?>